8 risk 8.1 PurPose The purpose of the Risk theme is to identify, assess and control uncertainty and, as a result, improve the ability of the project to succeed. Risk taking in projects is inevitable since projects are enablers of change and change introduces uncertainty, hence risk. Management of risk should be systematic and not based on chance. It is about the proactive identification, assessment and control of risks that might affect the delivery of the project's objectives. The project should establish and maintain a cost- effective risk management procedure. The aim is to support better decision making through a good understanding of risks ­ their causes, likelihood, impact, timing, and the choice of responses to them. Management of risk is a continual activity, performed throughout the life of the project. Without an ongoing and effective risk management procedure it is not possible to give confidence that the project is able to meet its objectives and therefore whether it is worthwhile for it to continue. Hence effective risk management is a prerequisite of the continued business justification principle. 8.2.2 What is at risk? In the context of a project, it is the project's objectives that are at risk. These will include completing the project to a number of targets, typically covering time, cost, quality, scope, benefits and risk. For more information on these targets, see section 2.5. 8.2.3 What is risk management? The term risk management refers to the systematic application of procedures to the tasks of identifying and assessing risks, and then planning and implementing risk responses. This provides a disciplined environment for proactive decision making. For risk management to be effective, risks need to be: identified This includes risks being considered 8.2 risk defined 8.2.1 What is a risk? A risk is an uncertain event or set of events that, should it occur, will have an effect on the achievement of objectives. It consists of a combination of the probability of a perceived threat or opportunity occurring, and the magnitude of its impact on objectives, where: Threat is used to describe an uncertain event that could affect the achievement of the project's objectives, and then described to ensure that there is a common understanding of these risks Assessed This includes ensuring that each risk can be ranked in terms of estimated likelihood, impact and immediacy, and understanding the overall level of risk associated with the project Controlled This includes identifying appropriate responses to risks, assigning risk owners, and then executing, monitoring and controlling these responses. Risk management applies from the strategic, operational, programme and project perspectives. The approach to the management of risk can be common across all of these perspectives but risk management procedures should be tailored to suit each one. See Figure 8.1 for organizational perspectives. that could have a negative impact on objectives opportunity is used to describe an uncertain event that could have a favourable impact on objectives.